ID CVE-2014-6559Type cveReporter NVDModified 2017-01-02T21:59:10
Description
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
{"title": "CVE-2014-6559", "reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "published": "2014-10-15T18:55:08", "cvelist": ["CVE-2014-6559"], "viewCount": 16, "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6559", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3b25205b7674fcf6099aeb3501168a08", "key": "cpe"}, {"hash": "a097828d0b16d9db56adca4e08b85b0c", "key": "cvelist"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "6541fa8334259ca0643547a10e7a5fe0", "key": "description"}, {"hash": "4c9c1770364e7aa53efbe816131a623f", "key": "href"}, {"hash": "75a068281a3984adabf3f284a8fa2a8d", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "63c651f4c4fdcd45a9d61d5e9f7685af", "key": "published"}, {"hash": "d60265db22e0b6aa229c4623ceb9143a", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "7da9d8de8e9f75c04f2069ffd8fa05f2", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2014-10-15T18:55:08", "cvelist": ["CVE-2014-6559"], "title": "CVE-2014-6559", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6559", "bulletinFamily": "NVD", "id": "CVE-2014-6559", "history": [], "scanner": [], "cpe": ["cpe:/a:oracle:mysql:5.6.1", "cpe:/a:oracle:mysql:5.5.22", "cpe:/a:oracle:mysql:5.5.16", "cpe:/a:oracle:mysql:5.6.5", "cpe:/a:oracle:mysql:5.5.13", "cpe:/a:mysql:mysql:5.5.4", "cpe:/a:oracle:mysql:5.5.10", "cpe:/a:oracle:mysql:5.5.18", "cpe:/a:oracle:mysql:5.5.19", "cpe:/a:oracle:mysql:5.6.16", "cpe:/a:mysql:mysql:5.5.0", "cpe:/a:oracle:mysql:5.5.14", "cpe:/a:oracle:mysql:5.6.6", "cpe:/a:oracle:mysql:5.5.29", "cpe:/a:oracle:mysql:5.5.15", "cpe:/a:oracle:mysql:5.5.25:a", "cpe:/a:mysql:mysql:5.5.8", "cpe:/a:oracle:mysql:5.6.8", "cpe:/a:oracle:mysql:5.6.14", "cpe:/a:oracle:mysql:5.6.4", "cpe:/a:oracle:mysql:5.5.33", "cpe:/a:oracle:mysql:5.5.24", "cpe:/a:oracle:mysql:5.6.13", "cpe:/a:oracle:mysql:5.6.3", "cpe:/a:oracle:mysql:5.5.35", "cpe:/a:oracle:mysql:5.6.0", "cpe:/a:mysql:mysql:5.5.9", "cpe:/a:mysql:mysql:5.5.3", "cpe:/a:mysql:mysql:5.5.5", "cpe:/a:oracle:mysql:5.6.11", "cpe:/a:oracle:mysql:5.6.19", "cpe:/a:oracle:mysql:5.6.2", "cpe:/a:mysql:mysql:5.5.2", "cpe:/a:oracle:mysql:5.5.26", "cpe:/a:oracle:mysql:5.5.30", "cpe:/a:oracle:mysql:5.5.36", "cpe:/a:mysql:mysql:5.5.1", "cpe:/a:oracle:mysql:5.6.18", "cpe:/a:oracle:mysql:5.5.39", "cpe:/a:oracle:mysql:5.5.31", "cpe:/a:oracle:mysql:5.5.23", "cpe:/a:oracle:mysql:5.6.9", "cpe:/a:oracle:mysql:5.5.11", "cpe:/a:oracle:mysql:5.6.7", "cpe:/a:oracle:mysql:5.6.20", "cpe:/a:mysql:mysql:5.5.7", "cpe:/a:oracle:mysql:5.5.20", "cpe:/a:oracle:mysql:5.5.37", "cpe:/a:mysql:mysql:5.5.6", "cpe:/a:oracle:mysql:5.5.28", "cpe:/a:oracle:mysql:5.5.38", "cpe:/a:oracle:mysql:5.5.27", "cpe:/a:oracle:mysql:5.5.32", "cpe:/a:oracle:mysql:5.5.12", "cpe:/a:oracle:mysql:5.6.17", "cpe:/a:oracle:mysql:5.5.17", "cpe:/a:oracle:mysql:5.5.34", "cpe:/a:oracle:mysql:5.5.21", "cpe:/a:oracle:mysql:5.5.25", "cpe:/a:oracle:mysql:5.6.12", "cpe:/a:juniper:junos_space:15.1", "cpe:/a:oracle:mysql:5.6.15", "cpe:/a:oracle:mysql:5.6.10"], "modified": "2015-10-21T11:26:50", "hash": "15158a26da8da9493b97e5066b2e4039092a842417057d91b46cf0725c2be0f4", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["http://security.gentoo.org/glsa/glsa-201411-02.xml", "http://www.securityfocus.com/bid/70487", "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698", "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "7da9d8de8e9f75c04f2069ffd8fa05f2", "key": "title"}, {"hash": "a097828d0b16d9db56adca4e08b85b0c", "key": "cvelist"}, {"hash": "e3ec9ef6e4e929ee9adf74f92e540db6", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "63c651f4c4fdcd45a9d61d5e9f7685af", "key": "published"}, {"hash": "e722bef3352423cd9991ad4f367f8cae", "key": "cpe"}, {"hash": "e49139ad6d34d77c4c1116e1bf96235e", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4c9c1770364e7aa53efbe816131a623f", "key": "href"}, {"hash": "6541fa8334259ca0643547a10e7a5fe0", "key": "description"}], "lastseen": "2016-09-03T21:06:01", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING."}, "differentElements": ["references", "modified", "cpe"], "edition": 1, "lastseen": "2016-09-03T21:06:01"}], "scanner": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "modified": "2017-01-02T21:59:10", "hash": "cb078cc8c3490256af4c9a38af71d52a67a8ef01e16db651a0d89a0d744a7d0c", "cpe": ["cpe:/a:oracle:mysql:5.6.1", "cpe:/a:oracle:mysql:5.5.22", "cpe:/a:oracle:mysql:5.5.16", "cpe:/a:oracle:mysql:5.6.5", "cpe:/a:oracle:mysql:5.5.13", "cpe:/a:mysql:mysql:5.5.4", "cpe:/a:oracle:mysql:5.5.10", "cpe:/a:oracle:mysql:5.5.18", "cpe:/a:oracle:mysql:5.5.19", "cpe:/a:oracle:mysql:5.6.16", "cpe:/a:mysql:mysql:5.5.0", "cpe:/a:oracle:mysql:5.5.14", "cpe:/a:oracle:mysql:5.6.6", "cpe:/a:oracle:mysql:5.5.29", "cpe:/a:oracle:mysql:5.5.15", "cpe:/a:oracle:mysql:5.5.25:a", "cpe:/a:mysql:mysql:5.5.8", "cpe:/a:oracle:mysql:5.6.8", "cpe:/a:oracle:mysql:5.6.14", "cpe:/a:oracle:mysql:5.6.4", "cpe:/a:oracle:mysql:5.5.33", "cpe:/a:oracle:mysql:5.5.24", "cpe:/a:oracle:mysql:5.6.13", "cpe:/a:oracle:mysql:5.6.3", "cpe:/a:oracle:mysql:5.5.35", "cpe:/a:oracle:mysql:5.6.0", "cpe:/a:mysql:mysql:5.5.9", "cpe:/a:mysql:mysql:5.5.3", "cpe:/a:mysql:mysql:5.5.5", "cpe:/a:oracle:mysql:5.6.11", "cpe:/a:oracle:mysql:5.6.19", "cpe:/a:oracle:mysql:5.6.2", "cpe:/a:mysql:mysql:5.5.2", "cpe:/a:oracle:mysql:5.5.26", "cpe:/a:oracle:mysql:5.5.30", "cpe:/a:oracle:mysql:5.5.36", "cpe:/a:mysql:mysql:5.5.1", "cpe:/a:oracle:mysql:5.6.18", "cpe:/a:oracle:mysql:5.5.39", "cpe:/a:oracle:mysql:5.5.31", "cpe:/a:oracle:mysql:5.5.23", "cpe:/a:oracle:mysql:5.6.9", "cpe:/a:oracle:mysql:5.5.11", "cpe:/a:oracle:mysql:5.6.7", "cpe:/a:oracle:mysql:5.6.20", "cpe:/a:mysql:mysql:5.5.7", "cpe:/a:oracle:mysql:5.5.20", "cpe:/a:oracle:mysql:5.5.37", "cpe:/a:mysql:mysql:5.5.6", "cpe:/a:oracle:mysql:5.5.28", "cpe:/a:oracle:mysql:5.5.38", "cpe:/a:oracle:mysql:5.5.27", "cpe:/a:oracle:mysql:5.5.32", "cpe:/a:oracle:mysql:5.5.12", "cpe:/a:oracle:mysql:5.6.17", "cpe:/a:oracle:mysql:5.5.17", "cpe:/a:oracle:mysql:5.5.34", "cpe:/a:oracle:mysql:5.5.21", "cpe:/a:oracle:mysql:5.5.25", "cpe:/a:oracle:mysql:5.6.12", "cpe:/o:oracle:solaris:11.3", "cpe:/a:mariadb:mariadb:5.5.40", "cpe:/a:juniper:junos_space:15.1", "cpe:/a:oracle:mysql:5.6.15", "cpe:/a:oracle:mysql:5.6.10"], "edition": 2, "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", "references": ["http://security.gentoo.org/glsa/glsa-201411-02.xml", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://www.securityfocus.com/bid/70487", "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698", "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"], "id": "CVE-2014-6559", "lastseen": "2017-04-18T15:55:17", "assessment": {"name": "", "href": "", "system": ""}}
{"openvas": [{"lastseen": "2018-10-02T14:32:43", "references": ["https://alas.aws.amazon.com/ALAS-2014-428.html"], "pluginID": "1361412562310120190", "description": "Amazon Linux Local Security Checks", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2014-428", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6500", "CVE-2014-6559", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120190", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120190", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-428.nasl 6735 2017-07-17 09:56:49Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120190\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:19:33 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-428\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Oracle MySQL. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update mysql55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-428.html\");\n script_cve_id(\"CVE-2014-6491\", \"CVE-2014-6559\", \"CVE-2014-6500\", \"CVE-2014-6494\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"mysql55-common\", rpm:\"mysql55-common~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55-embedded-devel\", rpm:\"mysql55-embedded-devel~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55-devel\", rpm:\"mysql55-devel~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55-debuginfo\", rpm:\"mysql55-debuginfo~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55-embedded\", rpm:\"mysql55-embedded~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55-bench\", rpm:\"mysql55-bench~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55-test\", rpm:\"mysql55-test~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55-server\", rpm:\"mysql55-server~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55-libs\", rpm:\"mysql55-libs~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mysql55\", rpm:\"mysql55~5.5.40~1.3.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:40:28", "references": ["http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "http://secunia.com/advisories/60599"], "pluginID": "1361412562310804781", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "edition": 8, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-10-20T00:00:00", "title": "Oracle MySQL Multiple Unspecified vulnerabilities-02 Oct14 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310804781", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804781", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln02_oct14_win.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified vulnerabilities-02 Oct14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804781\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-6559\", \"CVE-2014-6555\", \"CVE-2014-6507\", \"CVE-2014-6500\",\n \"CVE-2014-6496\", \"CVE-2014-6494\", \"CVE-2014-6491\", \"CVE-2014-6469\",\n \"CVE-2014-6464\");\n script_bugtraq_id(70487, 70530, 70550, 70478, 70469, 70497, 70444, 70446, 70451);\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-20 13:30:37 +0530 (Mon, 20 Oct 2014)\");\n\n script_name(\"Oracle MySQL Multiple Unspecified vulnerabilities-02 Oct14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to C API SSL CERTIFICATE HANDLING,\n SERVER:DML, SERVER:SSL:yaSSL, SERVER:OPTIMIZER, SERVER:INNODB DML FOREIGN KEYS.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, gain escalated privileges,\n manipulate certain data, cause a DoS (Denial of Service), and compromise a\n vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"MySQL Server version 5.5.39 and earlier,\n and 5.6.20 and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/60599\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\");\n\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)) {\n exit(0);\n }\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.39\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.20\"))\n {\n security_message(sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:39:46", "references": ["https://security.gentoo.org/glsa/201411-02"], "pluginID": "1361412562310121277", "description": "Gentoo Linux Local Security Checks GLSA 201411-02", "edition": 7, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Security Advisory GLSA 201411-02", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121277", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121277", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201411-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121277\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:57 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201411-02\");\n script_tag(name:\"insight\", value:\"Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201411-02\");\n script_cve_id(\"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6491\", \"CVE-2014-6494\", \"CVE-2014-6496\", \"CVE-2014-6500\", \"CVE-2014-6507\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201411-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-db/mysql\", unaffected: make_list(\"ge 5.5.40\"), vulnerable: make_list(\"lt 5.5.40\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-db/mariadb\", unaffected: make_list(\"ge 5.5.40-r1\"), vulnerable: make_list(\"lt 5.5.40-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:37:36", "references": ["http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "http://secunia.com/advisories/60599"], "pluginID": "1361412562310808144", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-03T00:00:00", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-32 Jun16 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310808144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln32_jun16_lin.nasl 11989 2018-10-19 11:25:26Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-32 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808144\");\n script_version(\"$Revision: 11989 $\");\n script_cve_id(\"CVE-2014-6559\", \"CVE-2014-6555\", \"CVE-2014-6507\", \"CVE-2014-6500\",\n \"CVE-2014-6496\", \"CVE-2014-6494\", \"CVE-2014-6491\", \"CVE-2014-6469\",\n \"CVE-2014-6464\");\n script_bugtraq_id(70487, 70530, 70550, 70478, 70469, 70497, 70444, 70446, 70451);\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 13:25:26 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:47 +0530 (Fri, 03 Jun 2016)\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-32 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to C API SSL CERTIFICATE HANDLING,\n SERVER:DML, SERVER:SSL:yaSSL, SERVER:OPTIMIZER, SERVER:INNODB DML FOREIGN KEYS.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, gain escalated privileges,\n manipulate certain data, cause a DoS (Denial of Service), and compromise a\n vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"MySQL Server version 5.5.39 and earlier,\n and 5.6.20 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/60599\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)) {\n exit(0);\n }\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.39\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.20\"))\n {\n security_message(sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:13:37", "references": ["https://www.redhat.com/archives/rhsa-announce/2014-November/msg00031.html", "2014:1861-01"], "pluginID": "1361412562310871292", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-18T00:00:00", "title": "RedHat Update for mariadb RHSA-2014:1861-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871292", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mariadb RHSA-2014:1861-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871292\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:35:36 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_name(\"RedHat Update for mariadb RHSA-2014:1861-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mariadb on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1861-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-November/msg00031.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.40~1.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:55:29", "references": ["2014:1861", "http://lists.centos.org/pipermail/centos-announce/2014-November/020761.html"], "pluginID": "1361412562310882083", "description": "Check the version of mariadb", "edition": 4, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-18T00:00:00", "title": "CentOS Update for mariadb CESA-2014:1861 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mariadb CESA-2014:1861 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882083\");\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:38:11 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_name(\"CentOS Update for mariadb CESA-2014:1861 centos7 \");\n\n script_tag(name: \"summary\", value: \"Check the version of mariadb\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of\ndetect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MariaDB is a multi-user, multi-threaded SQL\ndatabase server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\");\n script_tag(name: \"affected\", value: \"mariadb on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1861\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-November/020761.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.40~1.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:13:37", "references": ["https://www.redhat.com/archives/rhsa-announce/2014-November/msg00029.html", "2014:1859-01"], "pluginID": "1361412562310871293", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-18T00:00:00", "title": "RedHat Update for mysql55-mysql RHSA-2014:1859-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871293", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mysql55-mysql RHSA-2014:1859-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871293\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:36:32 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_name(\"RedHat Update for mysql55-mysql RHSA-2014:1859-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql55-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mysql55-mysql on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1859-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-November/msg00029.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-debuginfo\", rpm:\"mysql55-mysql-debuginfo~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", rpm:\"mysql55-mysql-libs~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.40~2.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:36", "references": ["http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html", "2014:1859"], "pluginID": "1361412562310882084", "description": "Check the version of mysql55-mysql", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-18T00:00:00", "title": "CentOS Update for mysql55-mysql CESA-2014:1859 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2017-07-20T00:00:00", "id": "OPENVAS:1361412562310882084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mysql55-mysql CESA-2014:1859 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882084\");\n script_version(\"$Revision: 6769 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-20 11:56:33 +0200 (Thu, 20 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-18 06:39:13 +0100 (Tue, 18 Nov 2014)\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\",\n \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\",\n \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\",\n \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\",\n \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_name(\"CentOS Update for mysql55-mysql CESA-2014:1859 centos5 \");\n\n script_tag(name: \"summary\", value: \"Check the version of mysql55-mysql\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of\ndetect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"MySQL is a multi-user, multi-threaded SQL\ndatabase server. It consists of the MySQL server daemon (mysqld) and many client\nprograms and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\");\n script_tag(name: \"affected\", value: \"mysql55-mysql on CentOS 5\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1859\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", rpm:\"mysql55-mysql-libs~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.40~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:59", "references": ["http://www.debian.org/security/2014/dsa-3054.html"], "pluginID": "1361412562310703054", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-10-20T00:00:00", "title": "Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-4287", "CVE-2014-6494"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703054", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3054.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3054-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703054\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6478\", \"CVE-2014-6484\", \"CVE-2014-6491\", \"CVE-2014-6494\", \"CVE-2014-6495\", \"CVE-2014-6496\", \"CVE-2014-6500\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_name(\"Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-10-20 00:00:00 +0200 (Mon, 20 Oct 2014)\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3054.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.40-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.htmlhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.40-0+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:35", "references": ["http://linux.oracle.com/errata/ELSA-2014-1859.html"], "pluginID": "1361412562310123248", "description": "Oracle Linux Local Security Checks ELSA-2014-1859", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-1859", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123248", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1859.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123248\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1859\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1859 - mysql55-mysql security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1859\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1859.html\");\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6559\", \"CVE-2014-6551\", \"CVE-2014-4287\", \"CVE-2014-6469\", \"CVE-2014-6507\", \"CVE-2014-6555\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"mysql55-mysql\", rpm:\"mysql55-mysql~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-bench\", rpm:\"mysql55-mysql-bench~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-devel\", rpm:\"mysql55-mysql-devel~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-libs\", rpm:\"mysql55-mysql-libs~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-server\", rpm:\"mysql55-mysql-server~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql55-mysql-test\", rpm:\"mysql55-mysql-test~5.5.40~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-17T03:13:43", "references": ["https://bugs.mageia.org/show_bug.cgi?id=14389", "http://www.nessus.org/u?1ada40cc", "http://www.nessus.org/u?7977fe89"], "pluginID": "78718", "description": "Multiple vulnerabilities has been discovered and corrected in mariadb :\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (CVE-2014-6464).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (CVE-2014-6507).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (CVE-2014-6555).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (CVE-2014-6559).\n\nThe updated packages have been upgraded to the 5.5.40 version which is not vulnerable to these issues.\n\nAdditionally MariaDB 5.5.40 removed the bundled copy of jemalloc from the source tarball and only builds with jemalloc if a system copy of the jemalloc library is detecting during the build. This update provides the jemalloc library packages to resolve this issue.", "edition": 6, "reporter": "Tenable", "published": "2014-10-29T00:00:00", "title": "Mandriva Linux Security Advisory : mariadb (MDVSA-2014:210)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:mariadb-client", "p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel", "p-cpe:/a:mandriva:linux:lib64mariadb-devel", "p-cpe:/a:mandriva:linux:mariadb", "p-cpe:/a:mandriva:linux:lib64mariadb18", "p-cpe:/a:mandriva:linux:lib64jemalloc1", "p-cpe:/a:mandriva:linux:mariadb-obsolete", "p-cpe:/a:mandriva:linux:mariadb-common-core", "p-cpe:/a:mandriva:linux:lib64jemalloc-devel", "p-cpe:/a:mandriva:linux:lib64mariadb-embedded18", "p-cpe:/a:mandriva:linux:mariadb-common", "p-cpe:/a:mandriva:linux:mysql-MariaDB", "p-cpe:/a:mandriva:linux:mariadb-feedback", "p-cpe:/a:mandriva:linux:mariadb-bench", "p-cpe:/a:mandriva:linux:mariadb-extra", "p-cpe:/a:mandriva:linux:mariadb-core"], "id": "MANDRIVA_MDVSA-2014-210.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78718", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:210. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78718);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6507\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(70446, 70451, 70487, 70530, 70550);\n script_xref(name:\"MDVSA\", value:\"2014:210\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mariadb (MDVSA-2014:210)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nmariadb :\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier\nand 5.6.20 and earlier allows remote authenticated users to affect\navailability via vectors related to SERVER:INNODB DML FOREIGN KEYS\n(CVE-2014-6464).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler\nand 5.6.20 and earlier allows remote authenticated users to affect\navailability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,\nand 5.6.20 and earlier, allows remote authenticated users to affect\nconfidentiality, integrity, and availability via vectors related to\nSERVER:DML (CVE-2014-6507).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier\nand 5.6.20 and earlier allows remote authenticated users to affect\nconfidentiality, integrity, and availability via vectors related to\nSERVER:DML (CVE-2014-6555).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier,\nand 5.6.20 and earlier, allows remote attackers to affect\nconfidentiality via vectors related to C API SSL CERTIFICATE HANDLING\n(CVE-2014-6559).\n\nThe updated packages have been upgraded to the 5.5.40 version which is\nnot vulnerable to these issues.\n\nAdditionally MariaDB 5.5.40 removed the bundled copy of jemalloc from\nthe source tarball and only builds with jemalloc if a system copy of\nthe jemalloc library is detecting during the build. This update\nprovides the jemalloc library packages to resolve this issue.\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ada40cc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mageia.org/show_bug.cgi?id=14389\"\n );\n # https://mariadb.com/kb/en/library/mariadb-5540-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7977fe89\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jemalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jemalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mariadb-embedded18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mariadb18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-feedback\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mariadb-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-MariaDB\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64jemalloc-devel-3.6.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64jemalloc1-3.6.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mariadb-devel-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mariadb-embedded-devel-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mariadb-embedded18-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mariadb18-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-client-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-common-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-common-core-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-core-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-extra-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-feedback-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mariadb-obsolete-5.5.40-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"mysql-MariaDB-5.5.40-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:41", "references": ["https://alas.aws.amazon.com/ALAS-2014-428.html"], "pluginID": "78558", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6491)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier.\nDifficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data. (CVE-2014-6559)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6500)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2014-6494)", "edition": 5, "reporter": "Tenable", "published": "2014-10-20T00:00:00", "title": "Amazon Linux AMI : mysql55 (ALAS-2014-428)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6500", "CVE-2014-6559", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql55-bench", "p-cpe:/a:amazon:linux:mysql55", "p-cpe:/a:amazon:linux:mysql55-server", "p-cpe:/a:amazon:linux:mysql55-embedded-devel", "p-cpe:/a:amazon:linux:mysql55-libs", "p-cpe:/a:amazon:linux:mysql55-common", "p-cpe:/a:amazon:linux:mysql55-debuginfo", "p-cpe:/a:amazon:linux:mysql55-test", "p-cpe:/a:amazon:linux:mysql55-embedded", "p-cpe:/a:amazon:linux:mysql55-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-428.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-428.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78558);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-6491\", \"CVE-2014-6494\", \"CVE-2014-6500\", \"CVE-2014-6559\");\n script_xref(name:\"ALAS\", value:\"2014-428\");\n\n script_name(english:\"Amazon Linux AMI : mysql55 (ALAS-2014-428)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected\nare 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable\nvulnerability allows successful unauthenticated network attacks via\nmultiple protocols. Successful attack of this vulnerability can result\nin unauthorized takeover of MySQL Server possibly including arbitrary\ncode execution within the MySQL Server. (CVE-2014-6491)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions\nthat are affected are 5.5.39 and earlier and 5.6.20 and earlier.\nDifficult to exploit vulnerability allows successful unauthenticated\nnetwork attacks via multiple protocols. Successful attack of this\nvulnerability can result in unauthorized read access to all MySQL\nServer accessible data. (CVE-2014-6559)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected\nare 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable\nvulnerability allows successful unauthenticated network attacks via\nmultiple protocols. Successful attack of this vulnerability can result\nin unauthorized takeover of MySQL Server possibly including arbitrary\ncode execution within the MySQL Server. (CVE-2014-6500)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected\nare 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit\nvulnerability allows successful unauthenticated network attacks via\nmultiple protocols. Successful attack of this vulnerability can result\nin unauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. (CVE-2014-6494)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-428.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-bench-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-common-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-debuginfo-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-devel-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-devel-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-libs-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-server-5.5.40-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-test-5.5.40-1.3.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql55 / mysql55-bench / mysql55-common / mysql55-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-17T03:12:21", "references": ["http://www.nessus.org/u?e5134a40"], "pluginID": "78477", "description": "The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.40 or 5.6.x prior to 5.6.21. It is, therefore, affected by errors in the following components :\n\n - C API SSL CERTIFICATE HANDLING\n - CLIENT:SSL:yaSSL\n - SERVER:DML\n - SERVER:INNODB DML FOREIGN KEYS\n - SERVER:OPTIMIZER\n - SERVER:SSL:yaSSL", "edition": 8, "reporter": "Tenable", "published": "2014-10-15T00:00:00", "title": "MySQL 5.5.x < 5.5.40 / 5.6.x < 5.6.21 Multiple Vulnerabilities (October 2014 CPU)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_21.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78477);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2014-6464\",\n \"CVE-2014-6469\",\n \"CVE-2014-6491\",\n \"CVE-2014-6494\",\n \"CVE-2014-6496\",\n \"CVE-2014-6500\",\n \"CVE-2014-6507\",\n \"CVE-2014-6555\",\n \"CVE-2014-6559\"\n );\n script_bugtraq_id(\n 70444,\n 70446,\n 70451,\n 70469,\n 70478,\n 70487,\n 70497,\n 70530,\n 70550\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.40 / 5.6.x < 5.6.21 Multiple Vulnerabilities (October 2014 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is version 5.5.x\nprior to 5.5.40 or 5.6.x prior to 5.6.21. It is, therefore, affected\nby errors in the following components :\n\n - C API SSL CERTIFICATE HANDLING\n - CLIENT:SSL:yaSSL\n - SERVER:DML\n - SERVER:INNODB DML FOREIGN KEYS\n - SERVER:OPTIMIZER\n - SERVER:SSL:yaSSL\");\n # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e5134a40\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.40 / 5.6.21 or later as referenced in the\nOracle October 2014 Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # CVE-2014-6507\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/15\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"mysql_version.inc\");\nmysql_check_version(fixed:make_list('5.5.40', '5.6.21'), severity:SECURITY_HOLE);\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:32:48", "references": ["http://www.nessus.org/u?8a8dff1f"], "pluginID": "78829", "description": "New mariadb packages are available for Slackware 14.1 and -current to fix security issues.", "edition": 4, "reporter": "Tenable", "published": "2014-11-04T00:00:00", "title": "Slackware 14.1 / current : mariadb (SSA:2014-307-01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2014-11-12T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:mariadb"], "id": "SLACKWARE_SSA_2014-307-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78829", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-307-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78829);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/11/12 17:08:52 $\");\n\n script_cve_id(\"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6491\", \"CVE-2014-6494\", \"CVE-2014-6496\", \"CVE-2014-6500\", \"CVE-2014-6507\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(70444, 70446, 70451, 70469, 70478, 70487, 70497, 70530, 70550);\n script_xref(name:\"SSA\", value:\"2014-307-01\");\n\n script_name(english:\"Slackware 14.1 / current : mariadb (SSA:2014-307-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.386696\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a8dff1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.40\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mariadb\", pkgver:\"5.5.40\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.40\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:43:01", "references": ["https://security.gentoo.org/glsa/201411-02"], "pluginID": "78880", "description": "The remote host is affected by the vulnerability described in GLSA-201411-02 (MySQL, MariaDB: Multiple vulnerabilities)\n\n Multiple unspecified vulnerabilities have been discovered in MySQL.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2014-11-06T00:00:00", "title": "GLSA-201411-02 : MySQL, MariaDB: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2015-04-13T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mariadb", "p-cpe:/a:gentoo:linux:mysql"], "id": "GENTOO_GLSA-201411-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201411-02.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78880);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:27:09 $\");\n\n script_cve_id(\"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6491\", \"CVE-2014-6494\", \"CVE-2014-6496\", \"CVE-2014-6500\", \"CVE-2014-6507\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(70444, 70446, 70451, 70469, 70478, 70487, 70497, 70530, 70550);\n script_xref(name:\"GLSA\", value:\"201411-02\");\n\n script_name(english:\"GLSA-201411-02 : MySQL, MariaDB: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201411-02\n(MySQL, MariaDB: Multiple vulnerabilities)\n\n Multiple unspecified vulnerabilities have been discovered in MySQL.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities to cause\n unspecified impact, possibly including remote execution of arbitrary\n code, Denial of Service, or disclosure of sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201411-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.5.40'\n All MariaDB users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mariadb-5.5.40-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mariadb\", unaffected:make_list(\"ge 5.5.40-r1\"), vulnerable:make_list(\"lt 5.5.40-r1\"))) flag++;\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 5.5.40\"), vulnerable:make_list(\"lt 5.5.40\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL / MariaDB\");\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:04", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1153497", "https://bugzilla.redhat.com/show_bug.cgi?id=1153467", "https://bugzilla.redhat.com/show_bug.cgi?id=1153463", "https://bugzilla.redhat.com/show_bug.cgi?id=1153461", "http://www.nessus.org/u?5e9ea712", "https://bugzilla.redhat.com/show_bug.cgi?id=1153464", "https://bugzilla.redhat.com/show_bug.cgi?id=1153494", "https://bugzilla.redhat.com/show_bug.cgi?id=1153493", "https://bugzilla.redhat.com/show_bug.cgi?id=1153490", "https://bugzilla.redhat.com/show_bug.cgi?id=1153491", "https://bugzilla.redhat.com/show_bug.cgi?id=1153489", "https://bugzilla.redhat.com/show_bug.cgi?id=1153495", "http://www.nessus.org/u?576d571a", "https://bugzilla.redhat.com/show_bug.cgi?id=1153462", "https://bugzilla.redhat.com/show_bug.cgi?id=1153496"], "pluginID": "79905", "description": "This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540- changelog and also couple of security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "Fedora 20 : mariadb-5.5.40-1.fc20 (2014-16003)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4287"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mariadb", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-16003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79905", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16003.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79905);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:14:43 $\");\n\n script_cve_id(\"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\", \"CVE-2014-6564\");\n script_bugtraq_id(70446, 70451, 70455, 70462, 70486, 70487, 70510, 70511, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"FEDORA\", value:\"2014-16003\");\n\n script_name(english:\"Fedora 20 : mariadb-5.5.40-1.fc20 (2014-16003)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update that fixes all issues described at\nhttps://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-\nchangelog and also couple of security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153497\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145916.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e9ea712\"\n );\n # https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?576d571a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mariadb-5.5.40-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:42", "references": ["http://www.nessus.org/u?a3ad05fe"], "pluginID": "79304", "description": "This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "edition": 4, "reporter": "Tenable", "published": "2014-11-18T00:00:00", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-18T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141117_MARIADB_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79304);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/11/18 14:25:31 $\");\n\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n\n script_name(english:\"Scientific Linux Security Update : mariadb on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207,\nCVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469,\nCVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\nCVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MariaDB server daemon (mysqld) will\nbe restarted automatically.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=3203\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3ad05fe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:00:10", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-November/004646.html"], "pluginID": "79370", "description": "From Red Hat Security Advisory 2014:1861 :\n\nUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "edition": 5, "reporter": "Tenable", "published": "2014-11-21T00:00:00", "title": "Oracle Linux 7 : mariadb (ELSA-2014-1861)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-test", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-bench", "p-cpe:/a:oracle:linux:mariadb-libs", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-1861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1861 and \n# Oracle Linux Security Advisory ELSA-2014-1861 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79370);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_bugtraq_id(66835, 66846, 66850, 66858, 66875, 66880, 66890, 66896, 69732, 70446, 70451, 70455, 70462, 70486, 70487, 70510, 70511, 70516, 70517, 70530, 70532, 70550);\n script_xref(name:\"RHSA\", value:\"2014:1861\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2014-1861)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1861 :\n\nUpdated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004646.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:44:13", "references": ["https://access.redhat.com/security/cve/cve-2014-6530", "https://access.redhat.com/security/cve/cve-2014-6505", "https://access.redhat.com/security/cve/cve-2014-6484", "https://access.redhat.com/security/cve/cve-2012-5615", "https://access.redhat.com/security/cve/cve-2014-6469", "https://access.redhat.com/security/cve/cve-2014-6555", "https://access.redhat.com/security/cve/cve-2014-4258", "https://access.redhat.com/security/cve/cve-2014-4260", "https://access.redhat.com/security/cve/cve-2014-6507", "https://access.redhat.com/security/cve/cve-2014-6551", "https://access.redhat.com/security/cve/cve-2014-4287", "https://access.redhat.com/security/cve/cve-2014-4207", "https://access.redhat.com/security/cve/cve-2014-6464", "https://mariadb.com/kb/en/mariadb/development/release-notes/", "https://access.redhat.com/security/cve/cve-2014-4243", "https://access.redhat.com/security/cve/cve-2014-2494", "https://access.redhat.com/security/cve/cve-2014-6559", "http://www.nessus.org/u?3421cbe7", "https://access.redhat.com/security/cve/cve-2014-6463", "http://www.nessus.org/u?3e658eb0", "https://access.redhat.com/errata/RHSA-2014:1861", "https://access.redhat.com/security/cve/cve-2014-6520", "https://access.redhat.com/security/cve/cve-2014-4274"], "pluginID": "79303", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "edition": 9, "reporter": "Tenable", "published": "2014-11-18T00:00:00", "title": "RHEL 7 : mariadb (RHSA-2014:1861)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:mariadb-bench", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:mariadb-test", "p-cpe:/a:redhat:enterprise_linux:mariadb-server"], "id": "REDHAT-RHSA-2014-1861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79303", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1861. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79303);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2012-5615\", \"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n script_xref(name:\"RHSA\", value:\"2014:1861\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2014:1861)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258,\nCVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,\nCVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505,\nCVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3421cbe7\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e658eb0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/mariadb/development/release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6463\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1861\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.40-1.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:55", "references": ["http://www.nessus.org/u?da3a0cfb"], "pluginID": "79305", "description": "This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "edition": 4, "reporter": "Tenable", "published": "2014-11-18T00:00:00", "title": "Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-18T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141117_MYSQL55_MYSQL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79305", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79305);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/11/18 14:25:31 $\");\n\n script_cve_id(\"CVE-2014-2494\", \"CVE-2014-4207\", \"CVE-2014-4243\", \"CVE-2014-4258\", \"CVE-2014-4260\", \"CVE-2014-4274\", \"CVE-2014-4287\", \"CVE-2014-6463\", \"CVE-2014-6464\", \"CVE-2014-6469\", \"CVE-2014-6484\", \"CVE-2014-6505\", \"CVE-2014-6507\", \"CVE-2014-6520\", \"CVE-2014-6530\", \"CVE-2014-6551\", \"CVE-2014-6555\", \"CVE-2014-6559\");\n\n script_name(english:\"Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the MySQL database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page. (CVE-2014-2494, CVE-2014-4207,\nCVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469,\nCVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\nCVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nAfter installing this update, the MySQL server daemon (mysqld) will be\nrestarted automatically.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=3069\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da3a0cfb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-bench-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-debuginfo-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-devel-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-libs-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-server-5.5.40-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mysql55-mysql-test-5.5.40-2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:02", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-test-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-embedded-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-libs-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-embedded-devel-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-embedded-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-common-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-devel-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-debuginfo-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-debuginfo-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-common-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-bench-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-bench", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-server-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-server", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-embedded-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-embedded", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-libs-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "src", "packageFilename": "mysql55-5.5.40-1.3.amzn1.src.rpm", "packageName": "mysql55", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-bench-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-bench", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-embedded-devel-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-embedded-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-server-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-server", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "i686", "packageFilename": "mysql55-devel-5.5.40-1.3.amzn1.i686.rpm", "packageName": "mysql55-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "5.5.40-1.3.amzn1", "arch": "x86_64", "packageFilename": "mysql55-test-5.5.40-1.3.amzn1.x86_64.rpm", "packageName": "mysql55-test", "operator": "lt"}], "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. ([CVE-2014-6491 __](<https://access.redhat.com/security/cve/CVE-2014-6491>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data. ([CVE-2014-6559 __](<https://access.redhat.com/security/cve/CVE-2014-6559>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. ([CVE-2014-6500 __](<https://access.redhat.com/security/cve/CVE-2014-6500>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2014-6494 __](<https://access.redhat.com/security/cve/CVE-2014-6494>))\n\n \n**Affected Packages:** \n\n\nmysql55\n\n \n**Issue Correction:** \nRun _yum update mysql55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql55-common-5.5.40-1.3.amzn1.i686 \n mysql55-embedded-devel-5.5.40-1.3.amzn1.i686 \n mysql55-devel-5.5.40-1.3.amzn1.i686 \n mysql55-debuginfo-5.5.40-1.3.amzn1.i686 \n mysql55-embedded-5.5.40-1.3.amzn1.i686 \n mysql55-bench-5.5.40-1.3.amzn1.i686 \n mysql55-test-5.5.40-1.3.amzn1.i686 \n mysql55-server-5.5.40-1.3.amzn1.i686 \n mysql55-libs-5.5.40-1.3.amzn1.i686 \n mysql55-5.5.40-1.3.amzn1.i686 \n \n src: \n mysql55-5.5.40-1.3.amzn1.src \n \n x86_64: \n mysql55-embedded-5.5.40-1.3.amzn1.x86_64 \n mysql55-embedded-devel-5.5.40-1.3.amzn1.x86_64 \n mysql55-test-5.5.40-1.3.amzn1.x86_64 \n mysql55-server-5.5.40-1.3.amzn1.x86_64 \n mysql55-devel-5.5.40-1.3.amzn1.x86_64 \n mysql55-common-5.5.40-1.3.amzn1.x86_64 \n mysql55-debuginfo-5.5.40-1.3.amzn1.x86_64 \n mysql55-bench-5.5.40-1.3.amzn1.x86_64 \n mysql55-5.5.40-1.3.amzn1.x86_64 \n mysql55-libs-5.5.40-1.3.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-10-16T22:20:00", "title": "Important: mysql55", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-6500", "CVE-2014-6559", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2014-10-16T22:20:00", "id": "ALAS-2014-428", "href": "https://alas.aws.amazon.com/ALAS-2014-428.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:54", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "5.5.40", "arch": "i486", "packageFilename": "mariadb-5.5.40-i486-1_slack14.1.txz", "packageName": "mariadb", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "5.5.40", "arch": "x86_64", "packageFilename": "mariadb-5.5.40-x86_64-1_slack14.1.txz", "packageName": "mariadb", "operator": "lt"}], "description": "New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/mariadb-5.5.40-i486-1_slack14.1.txz: Upgraded.\n This update contains security fixes and improvements.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-5.5.40-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-5.5.40-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\nda0aff5bebbbdc0621359c0fea027ae6 mariadb-5.5.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ndbb7d695a22ae538b5ad9c024823b190 mariadb-5.5.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nf9ca4cf6015ddbb73dfba16c535caffc ap/mariadb-5.5.40-i486-1.txz\n\nSlackware x86_64 -current package:\n6924f64b6c147556a58a2c6f1929ab5e ap/mariadb-5.5.40-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-5.5.40-i486-1_slack14.1.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "edition": 3, "reporter": "Slackware Linux Project", "published": "2014-11-03T17:25:07", "title": "mariadb", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2014-11-03T17:25:07", "id": "SSA-2014-307-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.386696", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500", "https://bugs.gentoo.org/show_bug.cgi?id=525504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "5.5.40-r1", "packageFilename": "UNKNOWN", "packageName": "dev-db/mariadb", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "5.5.40", "packageFilename": "UNKNOWN", "packageName": "dev-db/mysql", "arch": "all", "operator": "lt"}], "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. \n\n### Description\n\nMultiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.5.40\"\n \n\nAll MariaDB users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mariadb-5.5.40-r1\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-11-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "MySQL, MariaDB: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "modified": "2014-11-05T00:00:00", "id": "GLSA-201411-02", "href": "https://security.gentoo.org/glsa/201411-02", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:12", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "src", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "src", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "src", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}], "description": "[5.5.40-2]\nfilter perl(GD) from Requires (perl-gd is not available for RHEL5)\n Resolves: #1160514\n[5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160514", "edition": 3, "reporter": "Oracle", "published": "2014-11-17T00:00:00", "title": "mysql55-mysql security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-17T00:00:00", "id": "ELSA-2014-1859", "href": "http://linux.oracle.com/errata/ELSA-2014-1859.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:23", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-bench-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-server-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-test-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "src", "packageFilename": "mariadb-5.5.40-1.el7_0.src.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-devel", "operator": "lt"}], "description": "[1:5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160548\n[1:5.5.37-1]\n- Rebase to 5.5.37\n https://kb.askmonty.org/en/mariadb-5537-changelog/\n Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431\n CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419\n Resolves: #1101062", "edition": 3, "reporter": "Oracle", "published": "2014-11-17T00:00:00", "title": "mariadb security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-2440", "CVE-2014-4260", "CVE-2014-2432", "CVE-2014-2419", "CVE-2014-4258", "CVE-2014-2436", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-2431", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-2430", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2438", "CVE-2014-0384", "CVE-2014-4287"], "modified": "2014-11-17T00:00:00", "id": "ELSA-2014-1861", "href": "http://linux.oracle.com/errata/ELSA-2014-1861.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-04-15T18:30:18", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "src", "packageFilename": "mariadb-5.5.40-1.el7_0.src.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-bench-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-test-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-server-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "i686", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "x86_64", "packageFilename": "mariadb-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc", "packageFilename": "mariadb-debuginfo-5.5.40-1.el7_0.ppc.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-debuginfo-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.ppc.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.ppc.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-server-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.ppc.rpm", "packageName": "mariadb-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-bench-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc64", "packageFilename": "mariadb-test-5.5.40-1.el7_0.ppc64.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "ppc", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.ppc.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390", "packageFilename": "mariadb-debuginfo-5.5.40-1.el7_0.s390.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-debuginfo-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.s390.rpm", "packageName": "mariadb-embedded", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.s390.rpm", "packageName": "mariadb-embedded-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-test-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-server-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390x", "packageFilename": "mariadb-bench-5.5.40-1.el7_0.s390x.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.s390.rpm", "packageName": "mariadb-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "arch": "s390", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.s390.rpm", "packageName": "mariadb-devel", "operator": "lt"}], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "reporter": "RedHat", "published": "2014-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2014:1861) Important: mariadb security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:33:33", "id": "RHSA-2014:1861", "href": "https://access.redhat.com/errata/RHSA-2014:1861", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:27", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "src", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc64", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-2.el5.ppc64.rpm", "packageName": "mysql55-mysql-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-2.el5.ppc.rpm", "packageName": "mysql55-mysql-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390x", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-2.el5.s390x.rpm", "packageName": "mysql55-mysql-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-2.el5.s390.rpm", "packageName": "mysql55-mysql-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc64", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.ppc64.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.ppc.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.ppc.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.ppc.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.ppc.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.ppc.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ppc", "packageFilename": "mysql55-mysql-5.5.40-2.el5.ppc.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390x", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.s390x.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390x", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.s390x.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390x", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.s390x.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.s390.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390x", "packageFilename": "mysql55-mysql-5.5.40-2.el5.s390x.rpm", "packageName": "mysql55-mysql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390x", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.s390x.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "s390x", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.s390x.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "x86_64", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "i386", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-bench", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "arch": "ia64", "packageFilename": "mysql55-mysql-5.5.40-2.el5.ia64.rpm", "packageName": "mysql55-mysql", "operator": "lt"}], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "reporter": "RedHat", "published": "2014-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2014:1859) Important: mysql55-mysql security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:14:29", "id": "RHSA-2014:1859", "href": "https://access.redhat.com/errata/RHSA-2014:1859", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-06-13T00:00:39", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "x86_64", "packageName": "mariadb55-mariadb-debuginfo", "packageFilename": "mariadb55-mariadb-debuginfo-5.5.40-10.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "src", "packageName": "mariadb55-mariadb", "packageFilename": "mariadb55-mariadb-5.5.40-10.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "x86_64", "packageName": "mariadb55-mariadb-devel", "packageFilename": "mariadb55-mariadb-devel-5.5.40-10.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "x86_64", "packageName": "mariadb55-mariadb", "packageFilename": "mariadb55-mariadb-5.5.40-10.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "x86_64", "packageName": "mariadb55-mariadb-bench", "packageFilename": "mariadb55-mariadb-bench-5.5.40-10.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "x86_64", "packageName": "mariadb55-mariadb-test", "packageFilename": "mariadb55-mariadb-test-5.5.40-10.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "x86_64", "packageName": "mariadb55-mariadb-libs", "packageFilename": "mariadb55-mariadb-libs-5.5.40-10.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-10.el6", "arch": "x86_64", "packageName": "mariadb55-mariadb-server", "packageFilename": "mariadb55-mariadb-server-5.5.40-10.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-10.el7", "arch": "x86_64", "packageName": "mariadb55-mariadb-debuginfo", "packageFilename": "mariadb55-mariadb-debuginfo-5.5.40-10.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-10.el7", "arch": "src", "packageName": "mariadb55-mariadb", "packageFilename": "mariadb55-mariadb-5.5.40-10.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-10.el7", "arch": "x86_64", "packageName": "mariadb55-mariadb-server", "packageFilename": "mariadb55-mariadb-server-5.5.40-10.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-10.el7", "arch": "x86_64", "packageName": "mariadb55-mariadb-devel", "packageFilename": "mariadb55-mariadb-devel-5.5.40-10.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-10.el7", "arch": "x86_64", "packageName": "mariadb55-mariadb-libs", "packageFilename": "mariadb55-mariadb-libs-5.5.40-10.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-10.el7", "arch": "x86_64", "packageName": "mariadb55-mariadb", "packageFilename": "mariadb55-mariadb-5.5.40-10.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-10.el7", "arch": "x86_64", "packageName": "mariadb55-mariadb-bench", "packageFilename": "mariadb55-mariadb-bench-5.5.40-10.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-10.el7", "arch": "x86_64", "packageName": "mariadb55-mariadb-test", "packageFilename": "mariadb55-mariadb-test-5.5.40-10.el7.x86_64.rpm", "operator": "lt"}], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "reporter": "RedHat", "published": "2014-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2014:1862) Important: mariadb55-mariadb security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:22", "id": "RHSA-2014:1862", "href": "https://access.redhat.com/errata/RHSA-2014:1862", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-06-12T23:59:15", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "x86_64", "packageName": "mysql55-mysql-debuginfo", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "src", "packageName": "mysql55-mysql", "packageFilename": "mysql55-mysql-5.5.40-1.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "x86_64", "packageName": "mysql55-mysql-devel", "packageFilename": "mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "x86_64", "packageName": "mysql55-mysql-libs", "packageFilename": "mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "x86_64", "packageName": "mysql55-mysql-test", "packageFilename": "mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "x86_64", "packageName": "mysql55-mysql-bench", "packageFilename": "mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "x86_64", "packageName": "mysql55-mysql", "packageFilename": "mysql55-mysql-5.5.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-1.el6", "arch": "x86_64", "packageName": "mysql55-mysql-server", "packageFilename": "mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7", "arch": "x86_64", "packageName": "mysql55-mysql-debuginfo", "packageFilename": "mysql55-mysql-debuginfo-5.5.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7", "arch": "src", "packageName": "mysql55-mysql", "packageFilename": "mysql55-mysql-5.5.40-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7", "arch": "x86_64", "packageName": "mysql55-mysql-devel", "packageFilename": "mysql55-mysql-devel-5.5.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7", "arch": "x86_64", "packageName": "mysql55-mysql-libs", "packageFilename": "mysql55-mysql-libs-5.5.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7", "arch": "x86_64", "packageName": "mysql55-mysql-test", "packageFilename": "mysql55-mysql-test-5.5.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7", "arch": "x86_64", "packageName": "mysql55-mysql", "packageFilename": "mysql55-mysql-5.5.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7", "arch": "x86_64", "packageName": "mysql55-mysql-bench", "packageFilename": "mysql55-mysql-bench-5.5.40-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-1.el7", "arch": "x86_64", "packageName": "mysql55-mysql-server", "packageFilename": "mysql55-mysql-server-5.5.40-1.el7.x86_64.rpm", "operator": "lt"}], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "reporter": "RedHat", "published": "2014-11-17T05:00:00", "type": "redhat", "title": "(RHSA-2014:1860) Important: mysql55-mysql security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:21", "id": "RHSA-2014:1860", "href": "https://access.redhat.com/errata/RHSA-2014:1860", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-06-06T23:51:08", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-2.el6ost", "arch": "src", "packageName": "mariadb-galera", "packageFilename": "mariadb-galera-5.5.40-2.el6ost.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-2.el6ost", "arch": "x86_64", "packageName": "mariadb-galera-common", "packageFilename": "mariadb-galera-common-5.5.40-2.el6ost.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-2.el6ost", "arch": "x86_64", "packageName": "mariadb-galera-debuginfo", "packageFilename": "mariadb-galera-debuginfo-5.5.40-2.el6ost.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "5.5.40-2.el6ost", "arch": "x86_64", "packageName": "mariadb-galera-server", "packageFilename": "mariadb-galera-server-5.5.40-2.el6ost.x86_64.rpm", "operator": "lt"}], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "reporter": "RedHat", "published": "2014-12-02T21:39:58", "type": "redhat", "title": "(RHSA-2014:1937) Important: mariadb-galera security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:47:55", "id": "RHSA-2014:1937", "href": "https://access.redhat.com/errata/RHSA-2014:1937", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-03-19T19:50:20", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-2.el7ost", "arch": "src", "packageFilename": "mariadb-galera-5.5.40-2.el7ost.src.rpm", "packageName": "mariadb-galera", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-2.el7ost", "arch": "x86_64", "packageFilename": "mariadb-galera-common-5.5.40-2.el7ost.x86_64.rpm", "packageName": "mariadb-galera-common", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-2.el7ost", "arch": "x86_64", "packageFilename": "mariadb-galera-debuginfo-5.5.40-2.el7ost.x86_64.rpm", "packageName": "mariadb-galera-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "5.5.40-2.el7ost", "arch": "x86_64", "packageFilename": "mariadb-galera-server-5.5.40-2.el7ost.x86_64.rpm", "packageName": "mariadb-galera-server", "operator": "lt"}], "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "reporter": "RedHat", "published": "2014-12-02T21:44:45", "type": "redhat", "title": "(RHSA-2014:1940) Important: mariadb-galera security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T16:26:43", "id": "RHSA-2014:1940", "href": "https://access.redhat.com/errata/RHSA-2014:1940", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:28", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1859.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-bench", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-server-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-5.5.40-2.el5.src.rpm", "packageName": "mysql55-mysql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-test-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-libs-5.5.40-2.el5.x86_64.rpm", "packageName": "mysql55-mysql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-bench-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-bench", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.40-2.el5", "packageFilename": "mysql55-mysql-devel-5.5.40-2.el5.i386.rpm", "packageName": "mysql55-mysql-devel", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1859\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\n\n**Affected packages:**\nmysql55-mysql\nmysql55-mysql-bench\nmysql55-mysql-devel\nmysql55-mysql-libs\nmysql55-mysql-server\nmysql55-mysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1859.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-11-17T17:35:05", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "mysql55 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-17T17:35:05", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html", "id": "CESA-2014:1859", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:41", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1861.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-5.5.40-1.el7_0.src.rpm", "packageName": "mariadb", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-embedded-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-devel-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-server-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-test-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-embedded-5.5.40-1.el7_0.i686.rpm", "packageName": "mariadb-embedded", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-libs-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "5.5.40-1.el7_0", "packageFilename": "mariadb-bench-5.5.40-1.el7_0.x86_64.rpm", "packageName": "mariadb-bench", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1861\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020761.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1861.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-11-17T17:32:07", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "mariadb security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "modified": "2014-11-17T17:32:07", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020761.html", "id": "CESA-2014:1861", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:50:00", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "5.5.40-0+wheezy1", "arch": "all", "packageFilename": "mysql-5.5_5.5.40-0+wheezy1_all.deb", "packageName": "mysql-5.5", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3054-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nOctober 20, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2012-5615 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463\n CVE-2014-6464 CVE-2014-6469 CVE-2014-6478 CVE-2014-6484\n CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496\n CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559\nDebian Bug : 765663\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.40-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-10-20T16:19:38", "title": "[SECURITY] [DSA 3054-1] mysql-5.5 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:00", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-4287", "CVE-2014-6494"], "modified": "2014-10-20T16:19:38", "id": "DEBIAN:DSA-3054-1:E8FB1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00241.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:02", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5615", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6463", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-4274", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6530", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6500", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6559", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6520", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6496", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6551", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6495", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6507", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6505", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-4287", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6478", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6491", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6484", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6464", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6494", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6555"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "5.5.40-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mysql-server-5.5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.5.40-0ubuntu0.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mysql-server-5.5", "operator": "lt"}], "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html> <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html> <http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html>", "edition": 3, "reporter": "Ubuntu", "published": "2014-10-15T00:00:00", "title": "MySQL vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-4287", "CVE-2014-6494"], "modified": "2014-10-15T00:00:00", "id": "USN-2384-1", "href": "https://usn.ubuntu.com/2384-1/", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-11-09T00:09:39", "references": ["https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "reporter": "f5", "published": "2014-10-23T00:00:00", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494"], "modified": "2016-06-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15725.html", "id": "SOL15725", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:09", "references": [], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nARX| None| 6.1.1 - 6.4.0 \n5.0.0 - 5.3.1| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K15461>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "reporter": "f5", "published": "2014-10-23T23:30:00", "title": "Multiple 5.5.x and 5.6.x MySQL vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494"], "modified": "2017-04-06T16:51:00", "href": "https://support.f5.com/csp/article/K15725", "id": "F5:K15725", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:56:36", "references": ["https://bugzilla.suse.com/936408", "https://bugzilla.suse.com/914370", "https://bugzilla.suse.com/936407", "https://bugzilla.suse.com/859345", "https://bugzilla.suse.com/934789", "https://bugzilla.suse.com/936409", "https://bugzilla.suse.com/924663"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-debugsource-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-32bit-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient-devel-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-errormessages-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqld-devel-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-client-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqld18-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqld18-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-tools-5.5.44-4.1.i586.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-client-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-client-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-test-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-32bit-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient_r18-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqlclient18-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-bench-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-bench-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-tools-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqlclient18-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-32bit-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqld-devel-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqlclient-devel-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient-devel-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqld18-5.5.44-4.1.i586.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqld-devel-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-client-5.5.44-4.1.i586.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-bench-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-errormessages-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-errormessages-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-tools-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-test-5.5.44-4.1.i586.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqld18-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqld18-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-tools-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-bench-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-bench-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-5.5.44-4.1.i586.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-tools-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqlclient_r18-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-bench-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-bench-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-32bit-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-bench-5.5.44-4.1.i586.rpm", "packageName": "mariadb-bench", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-32bit-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient_r18-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-tools-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-bench-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-bench-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqld18-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-bench-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-bench-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-tools-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-client-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-test-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqld18-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-errormessages-5.5.44-4.1.i586.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqld-devel-5.5.44-4.1.i586.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-client-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-test-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-debugsource-5.5.44-4.1.i586.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-client-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-5.5.44-4.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-test-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-test-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqlclient-devel-5.5.44-4.1.i586.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqld18-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "x86_64", "packageFilename": "mariadb-test-debuginfo-10.0.20-2.9.1.x86_64.rpm", "packageName": "mariadb-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-client-debuginfo-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "x86_64", "packageFilename": "mariadb-test-5.5.44-4.1.x86_64.rpm", "packageName": "mariadb-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "mariadb-debuginfo-5.5.44-4.1.i586.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqlclient_r18-5.5.44-4.1.i586.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "mariadb-tools-debuginfo-10.0.20-2.9.1.i586.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "10.0.20-2.9.1", "arch": "i586", "packageFilename": "libmysqlclient18-10.0.20-2.9.1.i586.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "5.5.44-4.1", "arch": "i586", "packageFilename": "libmysqlclient18-5.5.44-4.1.i586.rpm", "packageName": "libmysqlclient18", "operator": "lt"}], "description": "MariaDB was updated to its current minor version, fixing bugs and security\n issues.\n\n These updates include a fix for Logjam (CVE-2015-4000), making MariaDB\n work with client software that no longer allows short DH groups over SSL,\n as e.g.\n our current openssl packages.\n\n On openSUSE 13.1, MariaDB was updated to 5.5.44.\n\n On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.\n\n Please read the release notes of MariaDB\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/</a> for more\n information.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-07-09T17:08:05", "title": "Security update for MariaDB (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2014-6500", "CVE-2015-2325", "CVE-2015-2568", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0501", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2015-2571", "CVE-2014-6559", "CVE-2014-8964", "CVE-2014-6464", "CVE-2015-3152", "CVE-2015-0382", "CVE-2015-0374", "CVE-2014-6491", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2014-6568", "CVE-2015-0505", "CVE-2015-2573", "CVE-2014-6494", "CVE-2015-2326", "CVE-2015-0411", "CVE-2015-0381"], "modified": "2015-07-09T17:08:05", "id": "OPENSUSE-SU-2015:1216-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00020.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:33:54", "references": ["https://bugzilla.suse.com/914058", "https://download.suse.com/patch/finder/?keywords=517a5816624f292e6bf06cda503a4300", "https://bugzilla.suse.com/878779", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/857678", "https://bugzilla.suse.com/868673"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.x86_64.rpm", "packageName": "mysql-client", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.x86_64.rpm", "packageName": "mysql-client", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-tools-5.5.42-0.8.1.ppc64.rpm", "packageName": "mysql-tools", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.ppc64.rpm", "packageName": "libmysql55client18", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.i586.rpm", "packageName": "mysql-client", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-32bit-5.5.42-0.8.1.s390x.rpm", "packageName": "libmysql55client_r18-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client_r18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.ia64.rpm", "packageName": "libmysql55client_r18", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.ppc64.rpm", "packageName": "libmysql55client_r18", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-32bit-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.i586.rpm", "packageName": "libmysql55client_r18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.ppc64.rpm", "packageName": "mysql-client", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.ppc64.rpm", "packageName": "mysql", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.i586.rpm", "packageName": "mysql-client", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.20.s390x.rpm", "packageName": "libmysqlclient15-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-32bit-5.0.96-0.6.20.s390x.rpm", "packageName": "libmysqlclient_r15-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.ia64.rpm", "packageName": "libmysqlclient_r15", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.ia64.rpm", "packageName": "libmysqlclient15", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client_r18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.s390x.rpm", "packageName": "mysql", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.ppc64.rpm", "packageName": "libmysqlclient_r15", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.s390x.rpm", "packageName": "libmysql55client18", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.i586.rpm", "packageName": "mysql-client", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-32bit-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient_r15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-tools-5.5.42-0.8.1.i586.rpm", "packageName": "mysql-tools", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.i586.rpm", "packageName": "libmysql55client18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.x86_64.rpm", "packageName": "mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.x86_64.rpm", "packageName": "mysql-client", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-32bit-5.0.96-0.6.20.ppc64.rpm", "packageName": "libmysqlclient_r15-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-x86-5.5.42-0.8.1.ia64.rpm", "packageName": "libmysql55client_r18-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client_r18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.s390x.rpm", "packageName": "libmysqlclient_r15", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-32bit-5.5.42-0.8.1.ppc64.rpm", "packageName": "libmysql55client_r18-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.ia64.rpm", "packageName": "mysql-client", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.i586.rpm", "packageName": "libmysql55client_r18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.i586.rpm", "packageName": "mysql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-32bit-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient_r15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.i586.rpm", "packageName": "libmysqlclient_r15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient_r15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.i586.rpm", "packageName": "mysql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-x86-5.0.96-0.6.20.ia64.rpm", "packageName": "libmysqlclient15-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.i586.rpm", "packageName": "mysql", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-x86-5.0.96-0.6.20.ia64.rpm", "packageName": "libmysqlclient_r15-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-32bit-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.x86_64.rpm", "packageName": "mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.i586.rpm", "packageName": "libmysqlclient_r15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.s390x.rpm", "packageName": "libmysql55client_r18", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-32bit-5.5.42-0.8.1.ppc64.rpm", "packageName": "libmysql55client18-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.x86_64.rpm", "packageName": "mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-5.5.42-0.8.1.ia64.rpm", "packageName": "mysql", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.i586.rpm", "packageName": "libmysqlclient_r15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-32bit-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-32bit-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client_r18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-client-5.5.42-0.8.1.s390x.rpm", "packageName": "mysql-client", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-tools-5.5.42-0.8.1.ia64.rpm", "packageName": "mysql-tools", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.i586.rpm", "packageName": "libmysql55client18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.i586.rpm", "packageName": "libmysqlclient15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-tools-5.5.42-0.8.1.x86_64.rpm", "packageName": "mysql-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-5.5.42-0.8.1.i586.rpm", "packageName": "libmysql55client_r18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient_r15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client18", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-32bit-5.5.42-0.8.1.s390x.rpm", "packageName": "libmysql55client18-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-tools-5.5.42-0.8.1.x86_64.rpm", "packageName": "mysql-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.s390x.rpm", "packageName": "libmysqlclient15", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.i586.rpm", "packageName": "libmysql55client18", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-x86-5.5.42-0.8.1.ia64.rpm", "packageName": "libmysql55client18-x86", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.i586.rpm", "packageName": "libmysqlclient15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-tools-5.5.42-0.8.1.i586.rpm", "packageName": "mysql-tools", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient15-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.i586.rpm", "packageName": "libmysqlclient15", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient_r15-5.0.96-0.6.20.x86_64.rpm", "packageName": "libmysqlclient_r15", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-32bit-5.0.96-0.6.20.ppc64.rpm", "packageName": "libmysqlclient15-32bit", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.0.96-0.6.20", "packageFilename": "libmysqlclient15-5.0.96-0.6.20.ppc64.rpm", "packageName": "libmysqlclient15", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client_r18-32bit-5.5.42-0.8.1.x86_64.rpm", "packageName": "libmysql55client_r18-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "mysql-tools-5.5.42-0.8.1.s390x.rpm", "packageName": "mysql-tools", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "5.5.42-0.8.1", "packageFilename": "libmysql55client18-5.5.42-0.8.1.ia64.rpm", "packageName": "libmysql55client18", "arch": "ia64", "operator": "lt"}], "description": "The MySQL datebase server was updated to 5.5.42, fixing various bugs and\n security issues.\n\n More information can be found on:\n\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html</a>>\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html</a>>\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html</a>>\n\n Also various issues with the mysql start script were fixed.\n (bsc#868673,bsc#878779)\n\n Security Issues:\n\n * CVE-2015-0411\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411</a>>\n * CVE-2015-0382\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382</a>>\n * CVE-2015-0381\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381</a>>\n * CVE-2015-0391\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391</a>>\n * CVE-2015-0432\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432</a>>\n * CVE-2015-0409\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409</a>>\n * CVE-2014-6568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568</a>>\n * CVE-2015-0385\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385</a>>\n * CVE-2015-0374\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374</a>>\n * CVE-2012-5615\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615</a>>\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-4274\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274</a>>\n * CVE-2014-4287\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287</a>>\n * CVE-2014-6463\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463</a>>\n * CVE-2014-6464\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464</a>>\n * CVE-2014-6469\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469</a>>\n * CVE-2014-6474\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6474\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6474</a>>\n * CVE-2014-6478\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478</a>>\n * CVE-2014-6484\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484</a>>\n * CVE-2014-6489\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6489\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6489</a>>\n * CVE-2014-6491\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491</a>>\n * CVE-2014-6494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494</a>>\n * CVE-2014-6495\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495</a>>\n * CVE-2014-6496\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496</a>>\n * CVE-2014-6500\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500</a>>\n * CVE-2014-6505\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505</a>>\n * CVE-2014-6507\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507</a>>\n * CVE-2014-6520\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520</a>>\n * CVE-2014-6530\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530</a>>\n * CVE-2014-6551\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551</a>>\n * CVE-2014-6555\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555</a>>\n * CVE-2014-6559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559</a>>\n * CVE-2014-6564\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564</a>>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-03-28T01:04:56", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for MySQL (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2015-0385", "CVE-2014-0224", "CVE-2014-6484", "CVE-2015-0391", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2015-0382", "CVE-2014-6478", "CVE-2015-0374", "CVE-2015-0409", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6568", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494", "CVE-2015-0411", "CVE-2015-0381"], "modified": "2015-03-28T01:04:56", "id": "SUSE-SU-2015:0620-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00033.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:04", "references": ["https://bugzilla.suse.com/919229", "https://bugzilla.suse.com/906194", "https://bugzilla.suse.com/896400", "https://bugzilla.suse.com/915911", "https://bugzilla.suse.com/880891", "https://bugzilla.suse.com/915912", "https://bugzilla.suse.com/904627", "https://bugzilla.suse.com/915914", "https://bugzilla.suse.com/915913", "https://bugzilla.suse.com/873351", "https://bugzilla.suse.com/911442", "https://bugzilla.suse.com/876282", "https://bugzilla.suse.com/911556", "https://bugzilla.suse.com/906117"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqld-devel-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-10.0.16-15.1.s390x.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqlclient18-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-tools-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-client-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-tools-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-tools-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient-devel-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-debugsource-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqld18-10.0.16-15.1.s390x.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-debuginfo-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-client-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-client-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqld-devel-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-tools-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-tools-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-debugsource-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-tools-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-client-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-errormessages-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-client-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqld18-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-errormessages-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "mariadb-tools-10.0.16-15.1.ppc64le.rpm", "packageName": "mariadb-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient18-32bit-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqld18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-errormessages-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqld18-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient18-debuginfo-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqld18-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqld18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqlclient-devel-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient18-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient_r18-32bit-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient_r18-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqlclient18-debuginfo-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqlclient18-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqld-devel-10.0.16-15.1.s390x.rpm", "packageName": "libmysqld-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-errormessages-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-errormessages", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debugsource-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-client-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqlclient_r18-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqlclient_r18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-client-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-debugsource-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "ppc64le", "packageFilename": "libmysqld18-10.0.16-15.1.ppc64le.rpm", "packageName": "libmysqld18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "libmysqlclient-devel-10.0.16-15.1.x86_64.rpm", "packageName": "libmysqlclient-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "mariadb-debugsource-10.0.16-15.1.s390x.rpm", "packageName": "mariadb-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "s390x", "packageFilename": "libmysqlclient18-10.0.16-15.1.s390x.rpm", "packageName": "libmysqlclient18", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "10.0.16-15.1", "arch": "x86_64", "packageFilename": "mariadb-client-debuginfo-10.0.16-15.1.x86_64.rpm", "packageName": "mariadb-client-debuginfo", "operator": "lt"}], "description": "mariadb was updated to version 10.0.16 to fix 40 security issues.\n\n These security issues were fixed:\n - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors related\n to Server : Security : Encryption (bnc#915911).\n - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0381 (bnc#915911).\n - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0382 (bnc#915911).\n - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier allowed remote authenticated users to affect availability\n via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911).\n - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote authenticated users\n to affect availability via vectors related to Server : InnoDB : DML\n (bnc#915911).\n - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote authenticated users to\n affect confidentiality via unknown vectors related to Server : Security\n : Privileges : Foreign Key (bnc#915911).\n - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to SERVER:DML (bnc#915912).\n - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500\n (bnc#915912).\n - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491\n (bnc#915912).\n - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and eariler and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912).\n - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect confidentiality, integrity, and availability via vectors related\n to SERVER:DML (bnc#915912).\n - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality via vectors related to C API SSL CERTIFICATE HANDLING\n (bnc#915912).\n - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6496 (bnc#915912).\n - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6494 (bnc#915912).\n - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:INNODB DML FOREIGN\n KEYS (bnc#915912).\n - CVE-2010-5298: Race condition in the ssl3_read_bytes function in\n s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is\n enabled, allowed remote attackers to inject data across sessions or\n cause a denial of service (use-after-free and parsing error) via an SSL\n connection in a multithreaded environment (bnc#873351).\n - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allowed remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (bnc#880891).\n - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not\n properly manage a buffer pointer during certain recursive calls, which\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors that trigger an alert\n condition (bnc#876282).\n - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\n allowed remote attackers to cause a denial of service (recursion and\n client crash) via a DTLS hello message in an invalid DTLS handshake\n (bnc#915913).\n - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1\n before 1.0.1h did not properly restrict processing of ChangeCipherSpec\n messages, which allowed man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications, and\n consequently hijack sessions or obtain sensitive information, via a\n crafted TLS handshake, aka the "CCS Injection" vulnerability\n (bnc#915913).\n - CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h,\n when an anonymous ECDH cipher suite is used, allowed remote attackers to\n cause a denial of service (NULL pointer dereference and client crash) by\n triggering a NULL certificate value (bnc#915913).\n - CVE-2014-6474: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:MEMCACHED (bnc#915913).\n - CVE-2014-6489: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect integrity and\n availability via vectors related to SERVER:SP (bnc#915913).\n - CVE-2014-6564: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913).\n - CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and\n MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions,\n generates different error messages with different time delays depending\n on whether a user name exists, which allowed remote attackers to\n enumerate valid usernames (bnc#915913).\n - CVE-2014-4274: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:MyISAM (bnc#896400).\n - CVE-2014-4287: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:CHARACTER SETS\n (bnc#915913).\n - CVE-2014-6463: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:REPLICATION ROW FORMAT\n BINARY LOG DML (bnc#915913).\n - CVE-2014-6478: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n integrity via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6484: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:DML (bnc#915913).\n - CVE-2014-6495: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n availability via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6505: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:MEMORY STORAGE\n ENGINE (bnc#915913).\n - CVE-2014-6520: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:DDL (bnc#915913).\n - CVE-2014-6530: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to CLIENT:MYSQLDUMP (bnc#915913).\n - CVE-2014-6551: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality via vectors related to CLIENT:MYSQLADMIN (bnc#915913).\n - CVE-2015-0391: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to DDL (bnc#915913).\n - CVE-2014-4258: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allowed remote\n authenticated users to affect confidentiality, integrity, and\n availability via vectors related to SRINFOSC (bnc#915914).\n - CVE-2014-4260: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allowed\n remote authenticated users to affect integrity and availability via\n vectors related to SRCHAR (bnc#915914).\n - CVE-2014-2494: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to ENARC (bnc#915914).\n - CVE-2014-4207: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to SROPTZR (bnc#915914).\n\n These non-security issues were fixed:\n - Get query produced incorrect results in MariaDB 10.0.11 vs MySQL 5.5 -\n SLES12 (bnc#906194).\n - After update to version 10.0.14 mariadb did not start - Job for\n mysql.service failed (bnc#911442).\n - Fix crash when disk full situation is reached on alter table\n (bnc#904627).\n - Allow md5 in FIPS mode (bnc#911556).\n - Fixed a situation when bit and hex string literals unintentionally\n changed column names (bnc#919229).\n\n Release notes: <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10016-release-notes/\">https://kb.askmonty.org/en/mariadb-10016-release-notes/</a>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-04-21T19:05:04", "title": "Security update for mariadb (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-0224", "CVE-2014-6484", "CVE-2015-0391", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-3470", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2010-5298", "CVE-2015-0382", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-6478", "CVE-2015-0374", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6568", "CVE-2014-4207", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381"], "modified": "2015-04-21T19:05:04", "id": "SUSE-SU-2015:0743-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:57", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31331", "https://vulners.com/securityvulns/securityvulns:doc:31254", "https://vulners.com/securityvulns/securityvulns:doc:31257"], "description": "Quarterly update covers 138 different vulnerabilities.", "edition": 1, "reporter": "ORACLE", "published": "2014-11-03T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:57", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Endeca Information Discovery Studio", "version": "3.1", "operator": "eq"}, {"name": "Enterprise Data Quality", "version": "9.0", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Health Sciences Empirica Study", "version": "3.1", "operator": "eq"}, {"name": "OpenSSO", "version": "3.0", "operator": "eq"}, {"name": "MySQL", "version": "5.6", "operator": "eq"}, {"name": "Health Sciences Empirica Signal", "version": "7.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.2", "operator": "eq"}, {"name": "Retail Clearance Optimization Engine", "version": "14.0", "operator": "eq"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "eq"}, {"name": "Oracle Identity Manager", "version": "11.1", "operator": "eq"}, {"name": "WebLogic Server", "version": "12.1", "operator": "eq"}, {"name": "Retail Allocation", "version": "13.2", "operator": "eq"}, {"name": "Application Performance Management", "version": "12.1", "operator": "eq"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "8.98", "operator": "eq"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.3", "operator": "eq"}, {"name": "Primavera Contract Management", "version": "14.0", "operator": "eq"}, {"name": "Health Sciences Empirica Inspections", "version": "1.0", "operator": "eq"}, {"name": "Retail Markdown Optimization", "version": "13.4", "operator": "eq"}, {"name": "Retail Invoice Matching", "version": "14.0", "operator": "eq"}, {"name": "Java SE Embedded", "version": "7", "operator": "eq"}, {"name": "VirtualBox", "version": "4.3", "operator": "eq"}, {"name": "Oracle Access Manager", "version": "11.1", "operator": "eq"}, {"name": "JDeveloper", "version": "12.1", "operator": "eq"}, {"name": "Solaris", "version": "11", "operator": "eq"}, {"name": "Transportation Management", "version": "6.3", "operator": "eq"}, {"name": "JavaFX", "version": "2.2", "operator": "eq"}, {"name": "Solaris", "version": "10", "operator": "eq"}, {"name": "Fusion Applications", "version": "11.1", "operator": "eq"}, {"name": "Agile PLM", "version": "9.3", "operator": "eq"}, {"name": "Oracle Secure Global Desktop", "version": "5.1", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "Oracle Application Express", "version": "4.2", "operator": "eq"}, {"name": "Communications MetaSolv Solution", "version": "6.2", "operator": "eq"}], "cvelist": ["CVE-2014-6495", "CVE-2014-6506", "CVE-2014-6500", "CVE-2014-2478", "CVE-2014-6564", "CVE-2014-6482", "CVE-2014-6536", "CVE-2014-6544", "CVE-2014-6558", "CVE-2014-6516", "CVE-2014-6560", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-4301", "CVE-2014-6463", "CVE-2014-6515", "CVE-2014-6460", "CVE-2014-6554", "CVE-2014-6539", "CVE-2014-4292", "CVE-2014-6487", "CVE-2014-6538", "CVE-2014-6493", "CVE-2014-4280", "CVE-2014-6488", "CVE-2014-4282", "CVE-2014-6519", "CVE-2014-2472", "CVE-2014-6466", "CVE-2014-6517", "CVE-2014-6471", "CVE-2014-6501", "CVE-2014-6504", "CVE-2014-6534", "CVE-2014-6455", "CVE-2014-6459", "CVE-2014-6502", "CVE-2014-6472", "CVE-2014-0224", "CVE-2014-6492", "CVE-2014-6457", "CVE-2014-4284", "CVE-2014-6484", "CVE-2014-6476", "CVE-2014-6479", "CVE-2014-6535", "CVE-2014-6507", "CVE-2014-6503", "CVE-2014-6490", "CVE-2014-6557", "CVE-2014-6542", "CVE-2014-6454", "CVE-2014-4295", "CVE-2014-4291", "CVE-2014-6469", "CVE-2014-4278", "CVE-2014-6537", "CVE-2014-6486", "CVE-2014-6496", "CVE-2013-1741", "CVE-2014-6555", "CVE-2014-2476", "CVE-2014-6529", "CVE-2014-6562", "CVE-2014-4293", "CVE-2014-6511", "CVE-2014-6475", "CVE-2014-6485", "CVE-2014-6559", "CVE-2014-6470", "CVE-2014-4274", "CVE-2014-4294", "CVE-2014-6531", "CVE-2014-0119", "CVE-2014-6456", "CVE-2014-6547", "CVE-2014-2880", "CVE-2014-0114", "CVE-2014-4310", "CVE-2014-6543", "CVE-2014-6464", "CVE-2014-6468", "CVE-2014-4297", "CVE-2014-0050", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6458", "CVE-2014-6532", "CVE-2014-6533", "CVE-2014-4276", "CVE-2014-4277", "CVE-2014-4288", "CVE-2014-6550", "CVE-2014-4296", "CVE-2014-4290", "CVE-2014-6478", "CVE-2014-6553", "CVE-2014-6483", "CVE-2014-6473", "CVE-2014-2475", "CVE-2014-4300", "CVE-2014-6546", "CVE-2014-6465", "CVE-2014-4299", "CVE-2014-6491", "CVE-2014-6508", "CVE-2014-4289", "CVE-2014-6453", "CVE-2014-2473", "CVE-2014-4285", "CVE-2014-6522", "CVE-2012-5615", "CVE-2014-6467", "CVE-2014-6523", "CVE-2014-6452", "CVE-2014-6513", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-2474", "CVE-2014-6563", "CVE-2014-6545", "CVE-2014-4281", "CVE-2014-4275", "CVE-2014-4287", "CVE-2014-6552", "CVE-2014-6540", "CVE-2014-6494", "CVE-2014-6461", "CVE-2014-4283", "CVE-2014-6527", "CVE-2014-6462", "CVE-2014-6561", "CVE-2014-4298", "CVE-2014-6499", "CVE-2014-6512", "CVE-2014-6498", "CVE-2014-6497"], "modified": "2014-11-03T00:00:00", "id": "SECURITYVULNS:VULN:14031", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14031", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:14:04", "references": [], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nOracle acknowledges Dana Taylor of netinfiltration.com for bringing to Oracle's attention a number of sites that were vulnerable to disclosure of sensitive information because Oracle CPU fixes were not applied to those sites for more than a year.\n\nThis Critical Patch Update contains 154 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that on September 26, 2014, Oracle released a [Security Alert for CVE-2014-7169 \"Bash\"](<http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html>) and other publicly disclosed vulnerabilities affecting GNU Bash. Customers of affected Oracle products are strongly advised to apply the fixes that were announced in the Security Alert for CVE-2014-7169.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "edition": 3, "reporter": "Oracle", "published": "2014-10-14T00:00:00", "title": "Oracle Critical Patch Update - October 2014", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle Access Manager", "version": "11.1.2.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "8u20", "operator": "le"}, {"name": "Oracle Communications MetaSolv Solution", "version": "9.4.0", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Primavera Contract Management", "version": "13.1", "operator": "le"}, {"name": "Oracle Retail Allocation", "version": "13.1", "operator": "le"}, {"name": "Oracle Payments", "version": "12.2.4", "operator": "le"}, {"name": "JPublisher", "version": "12.1.0.2", "operator": "le"}, {"name": "JDBC", "version": "12.1.0.1", "operator": "le"}, {"name": "Java SE, JavaFX", "version": "2.2.65", "operator": "le"}, {"name": "SQLJ", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle OpenSSO", "version": "3.0", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "5.1", "operator": "le"}, {"name": "Java VM", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Studio", "version": "2.3", "operator": "le"}, {"name": "Java VM", "version": "11.2.0.4", "operator": "le"}, {"name": "Java VM", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.4", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Studio", "version": "2.4", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.1.0.7", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "6u81", "operator": "le"}, {"name": "Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers", "version": "2221", "operator": "le"}, {"name": "Oracle Retail Markdown Optimization", "version": "13.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "7u60", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Retail Markdown Optimization", "version": "13.2", "operator": "le"}, {"name": "Oracle Retail Allocation", "version": "13.2", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.39", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.20", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.2", "operator": "le"}, {"name": "Oracle Identity Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Enterprise Manager for Oracle Database", "version": "11.1.0.1", "operator": "le"}, {"name": "JDBC", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Retail Clearance Optimization Engine", "version": "13.3", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "5.0u71", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.1.5", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "13.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.2", "operator": "le"}, {"name": "JPublisher", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Retail Allocation", "version": "12.0", "operator": "le"}, {"name": "Oracle Payments", "version": "12.0.4", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.3", "operator": "le"}, {"name": "Oracle Payments", "version": "12.1.2", "operator": "le"}, {"name": "Enterprise Manager for Oracle Database", "version": "12.1.0.6", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Identity Manager", "version": "11.1.2.1", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.0.6", "operator": "le"}, {"name": "Primavera Contract Management", "version": "14.0", "operator": "le"}, {"name": "Oracle Retail Allocation", "version": "10.0", "operator": "le"}, {"name": "Solaris", "version": "11", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "4.63", "operator": "le"}, {"name": "SQLJ", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.1.34", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.1.3", "operator": "le"}, {"name": "JPublisher", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Studio", "version": "3.0", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.5", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u20", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.3.0", "operator": "le"}, {"name": "JDBC", "version": "11.2.0.3", "operator": "le"}, {"name": "Java SE", "version": "5.0u71", "operator": "le"}, {"name": "Oracle Payments", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "12.0", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "le"}, {"name": "Oracle Retail Clearance Optimization Engine", "version": "13.4", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Applications Technology", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "13.2", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "5.0u71", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3", "operator": "le"}, {"name": "Oracle Applications Technology", "version": "12.1.3", "operator": "le"}, {"name": "Java VM", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.2.26", "operator": "le"}, {"name": "Oracle Retail Markdown Optimization", "version": "13.0", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Studio", "version": "2.2.2", "operator": "le"}, {"name": "Oracle Retail Clearance Optimization Engine", "version": "14.0", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.3", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.1.3", "operator": "le"}, {"name": "Enterprise Manager for Oracle Database", "version": "12.1.0.5", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "SQLJ", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "11.0", "operator": "le"}, {"name": "Oracle Applications Technology", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.0.6", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.38", "operator": "le"}, {"name": "Oracle Enterprise Data Quality", "version": "9.0.11", "operator": "le"}, {"name": "Oracle Payments", "version": "12.2.2", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Payments", "version": "12.1.3", "operator": "le"}, {"name": "Java SE", "version": "8u20", "operator": "le"}, {"name": "Oracle Communications MetaSolv Solution", "version": "49.0.0", "operator": "le"}, {"name": "Oracle Payments", "version": "12.1.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "27.8.3", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.2", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "6u81", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u67", "operator": "le"}, {"name": "Oracle Retail Allocation", "version": "11.0", "operator": "le"}, {"name": "JDBC", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Health Sciences Empirica Signal", "version": "7.3.3.3", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.1.0", "operator": "le"}, {"name": "Oracle Applications Object Library", "version": "11.5.10.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PT PeopleTools", "version": "8.53", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.3", "operator": "le"}, {"name": "SQLJ", "version": "12.1.0.2", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u60", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "12.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.3.14", "operator": "le"}, {"name": "JPublisher", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "11.1.2.4", "operator": "le"}, {"name": "Java SE, JavaFX", "version": "8u20", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.2.1", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "7.0", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.5", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.53", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "28.3.3", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.0.2.0", "operator": "le"}, {"name": "Oracle Retail Allocation", "version": "13.0", "operator": "le"}, {"name": "Oracle Retail Markdown Optimization", "version": "13.4", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.3", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.19", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PT PeopleTools", "version": "8.54", "operator": "le"}, {"name": "Enterprise Manager for Oracle Database", "version": "11.2.0.3", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.1", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6.0", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "13.0", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "5.0", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.52", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.1", "operator": "le"}, {"name": "Agile PLM", "version": "9.3.3", "operator": "le"}, {"name": "Enterprise Manager for Oracle Database", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Studio", "version": "3.1", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Payments", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Communications MetaSolv Solution", "version": "6.2.1.0.0", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "7u67", "operator": "le"}, {"name": "Enterprise Manager for Oracle Database", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "10.1.3.5", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Application Performance Management", "version": "12.1.0.6.2", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.2", "operator": "le"}, {"name": "Java SE", "version": "6u81", "operator": "le"}, {"name": "Java SE", "version": "7u67", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "14.0", "operator": "le"}, {"name": "Oracle Health Sciences Empirica Inspections", "version": "1.0.1.0", "operator": "le"}, {"name": "Oracle Communications MetaSolv Solution", "version": "10.1.0", "operator": "le"}, {"name": "Oracle Retail Markdown Optimization", "version": "12.0", "operator": "le"}, {"name": "Java VM", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Enterprise Data Quality", "version": "8.1.2", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.0", "operator": "le"}, {"name": "SQLJ", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Health Sciences Empirica Study", "version": "3.1.2.0", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "8.98", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.4", "operator": "le"}, {"name": "Agile PLM", "version": "9.3.1.2", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Communications Session Border Controller", "version": "640m5", "operator": "le"}, {"name": "JPublisher", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Application Express", "version": "4.2.6", "operator": "le"}, {"name": "Oracle Identity Manager", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "4.71", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.2", "operator": "le"}, {"name": "Oracle Identity Manager", "version": "11.1.1.5", "operator": "le"}], "cvelist": ["CVE-2014-6495", "CVE-2014-6506", "CVE-2014-6500", "CVE-2014-2478", "CVE-2014-6564", "CVE-2014-6482", "CVE-2014-6536", "CVE-2014-6544", "CVE-2014-6558", "CVE-2014-6516", "CVE-2014-6560", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-4301", "CVE-2014-6463", "CVE-2014-6515", "CVE-2014-6460", "CVE-2014-6554", "CVE-2014-6539", "CVE-2014-4292", "CVE-2014-6487", "CVE-2014-6538", "CVE-2014-6493", "CVE-2014-4280", "CVE-2014-6488", "CVE-2014-4282", "CVE-2014-6519", "CVE-2014-2472", "CVE-2014-6466", "CVE-2014-6517", "CVE-2014-6471", "CVE-2014-6501", "CVE-2014-6504", "CVE-2014-6534", "CVE-2014-6455", "CVE-2014-6459", "CVE-2014-6502", "CVE-2014-7169", "CVE-2013-5605", "CVE-2014-6472", "CVE-2014-0224", "CVE-2014-6492", "CVE-2014-6457", "CVE-2014-4284", "CVE-2014-6484", "CVE-2014-6476", "CVE-2014-6479", "CVE-2014-6535", "CVE-2014-6507", "CVE-2014-6503", "CVE-2014-6490", "CVE-2014-6557", "CVE-2014-6542", "CVE-2014-6454", "CVE-2014-4295", "CVE-2014-4291", "CVE-2014-6469", "CVE-2014-4278", "CVE-2014-6537", "CVE-2014-6486", "CVE-2014-6496", "CVE-2013-1741", "CVE-2014-6555", "CVE-2014-2476", "CVE-2014-6529", "CVE-2014-6562", "CVE-2013-1740", "CVE-2014-4293", "CVE-2014-6511", "CVE-2014-3470", "CVE-2013-1739", "CVE-2014-6475", "CVE-2014-6485", "CVE-2014-6559", "CVE-2014-6470", "CVE-2014-4274", "CVE-2014-4294", "CVE-2014-6531", "CVE-2014-0119", "CVE-2014-1492", "CVE-2014-6456", "CVE-2014-6547", "CVE-2014-2880", "CVE-2013-5606", "CVE-2014-0114", "CVE-2014-4310", "CVE-2014-6543", "CVE-2014-6464", "CVE-2014-6468", "CVE-2014-4297", "CVE-2013-4322", "CVE-2014-0050", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-1490", "CVE-2010-5298", "CVE-2013-4286", "CVE-2014-6458", "CVE-2014-6532", "CVE-2014-6533", "CVE-2014-4276", "CVE-2014-4277", "CVE-2014-4288", "CVE-2014-6550", "CVE-2014-0195", "CVE-2014-4296", "CVE-2014-0198", "CVE-2013-4590", "CVE-2014-4290", "CVE-2014-6478", "CVE-2014-6553", "CVE-2014-6483", "CVE-2014-6473", "CVE-2014-0096", "CVE-2014-2475", "CVE-2014-4300", "CVE-2014-0075", "CVE-2014-6546", "CVE-2014-6465", "CVE-2014-4299", "CVE-2014-6491", "CVE-2014-6508", "CVE-2014-4289", "CVE-2014-6453", "CVE-2014-2473", "CVE-2014-4285", "CVE-2014-6522", "CVE-2014-0033", "CVE-2012-5615", "CVE-2014-6467", "CVE-2014-6523", "CVE-2014-6452", "CVE-2014-0095", "CVE-2014-6513", "CVE-2014-6474", "CVE-2014-1491", "CVE-2014-6489", "CVE-2014-2474", "CVE-2014-6563", "CVE-2014-6545", "CVE-2014-4281", "CVE-2014-4275", "CVE-2014-4287", "CVE-2014-6477", "CVE-2014-6552", "CVE-2014-6540", "CVE-2014-6494", "CVE-2014-6461", "CVE-2014-4283", "CVE-2014-6527", "CVE-2014-6462", "CVE-2014-6561", "CVE-2014-4298", "CVE-2014-6499", "CVE-2014-6512", "CVE-2014-0221", "CVE-2014-6498", "CVE-2014-6497"], "modified": "2014-11-21T00:00:00", "id": "ORACLE:CPUOCT2014-1972960", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
